
WHITEPAPER Intel SCO Architecture Team New Technology Series Whitepapers

Copyright © 2019, INTEL CORPORATION. All rights reserved – unpublished work.

Building Secure End-to-End DSS Solutions with Intel Technology

Intel technology is driving the evolution of Digital Surveillance System solutions for greater performance while significantly reducing cost and power requirements. This whitepaper describes how new Intel technology (including DSS architecture, edge-sensors, and security enhancements) can enable secure end-to-end solutions for DSS environments.

Table of Contents

Executive Summary
History of DSS Solutions
Current DSS Solutions
  Bandwidth and Connectivity
  Cost/Power/Performance
  Ease of Development, Deployment, and Scaling
Future DSS Solutions
  5G Influences on DSS
  Sensor Fusion
  Impact of Memory and Compute Improvements
  Design for Privacy
Built-in Design Security
  Cost Overheads for Security
  Confidentiality, Authentication, and Integrity
  Secure Data Storage
Conclusion
Collaborators

Executive Summary

The design of Digital Surveillance Systems (DSS) has experienced major transformations from the age where humans reviewed swaths of VHS tapes to a place where, today, an AI-driven system can efficiently review and augment humans with insightful information and recommendations. Intel expects further developments in this space and is driving efforts to design and develop game-changing technologies that will usher us into the next generation of DSS.

In this white paper, we explore the various historical transformations of DSS technologies and show you a glimpse of how Intel is changing the future by driving exponential changes at the edge, on the network, and in the cloud.

Intel can demonstrate new technologies in AI, computing devices, memory, storage, security and 5G and show how they allow DSS System Architects to design for various constraints around cost, performance, security, privacy and public policy. We show:

• How new Intel technology can add intelligence on the edge to optimize network bandwidth utilization, reduce storage and computing costs in the Data Center, and reduce human review time and fatigue.

• How Intel technologies like the OpenVINO™ toolkit make it easy to develop, deploy and scale intelligence on a variety of hardware platforms that optimize for performance, power and cost.

• How Intel 5G technology helps reduce network latency, boost throughput, and add flexibility to your network infrastructure.

• How Intel Security solutions ensure platform integrity, protect data, provide trusted execution environments, and accelerate end-to-end cryptographic operations.

• How Intel advances in AI, memory, and compute device designs drive the future design requirements of DSS by enabling the integration of 5G technology, enabling the use of efficient sensor fusion technologies, and driving changes in privacy and public policy requirements in an ever-changing landscape of security requirements.


History of DSS Solutions

Over the past 15 years, new technology has profoundly changed the design of DSS solutions. Initially, typical DSS implementations were built around analog cameras; the digital recordings they made were spooled to VHS tapes on stand-alone systems. When an incident occurred, a security agent faced a time-intensive process of screening VHS tapes on a video monitor to find an incident. Sharing the video information with another investigator required a security team to manually retrieve a tape and transport it to the next agent, who would then spend even more time scrolling through the VHS tape.

The previous release of DSS technology brought the Internet Protocol Camera (IPC), and with it a major shift in the digital recording process: the recorded data was now stored on a local server rather than on VHS tapes (Figure 1). A local security agent could quickly retrieve an incident while at their desk, and decide what to do based on the screening. A digital clip could simply be forwarded to the next agent in the investigation. However, these video data files were huge, and the local servers often lacked the memory or power to hold more than 5-7 days of data.

The next innovation in DSS brought basic cameras with intelligence in the form of traditional computer vision. However, these system designs placed higher demands on a Data Center for more intelligence and computing power. System designers off-loaded some of these demands by connecting basic cameras with intelligent edge servers, and then connecting those with Data Centers. Today, the new system designs include smart camera technology with intelligence at the sensor, at the edge, and in the Data Center.

Figure 1. Recent Evolution in DSS System Designs

The recent releases of Intel video technology have made it easy to place intelligent devices at the edge. Intelligent edge devices make it possible to detect and properly annotate events of interest on the video stream. Such events (termed “annotated video data”) are then transmitted to the Data Centers, where they receive more computationally intensive analysis and operation.

Intelligent edge devices bring three major benefits for system designers in optimizing the system operation:

• The optimal use of network bandwidth and storage resources, as only the relevant data is transmitted to the Data Center for further analysis. Irrelevant or redundant data is discarded.

• The optimal use of Data Center personnel, because they only review the annotated events, and only focus attention on the important tasks.

• The optimal use for review. When an administrator reviews captured and annotated data at the data center, personnel can quickly zero in on potential areas of interest. This use case does not optimize the use of network bandwidth and storage resources; however, it greatly aids a human reviewer in finding and screening important events.


Through the application of edge intelligence, video streams are now annotated with metadata that allows reviewers to easily access the precise video frames that contain events of significance (e.g., finding a person of interest). However, as the number of connected internet devices grows, streams of raw video data are expected to flood the network, slowing system operation and raising the demand for more storage resources in the centralized Data Centers.

Current DSS Solutions

Today, Intel offers the next evolution in this technology process: E2E Video 3.0. Rather than renovating the centralized Data Center designs once again, this innovation places compute intelligence in the form of artificial intelligence (AI) Inference at the edge of the Internet. Recent Intel designs prove that the application of analytics to raw data streams at the edge, before the video data is transmitted back to the Data Center, creates a compelling advantage by improving compute efficiency and network bandwidth utilization.

Traditional computer vision algorithms worked well when both the target and the environment were well defined. In practice, however, real-life situations are often not clearly definable, and leave unacceptable gaps in certainty. The need for clear identification has driven recent developments in Intel compute systems. This has resulted in the development of hardware accelerators capable of deploying popular Convolutional Neural Network (CNN) models that have been trained to identify minute variations and anomalies in targets and environments on the edge. Intel has invested heavily in these hardware accelerators to efficiently process computer vision workloads present in similar environments like Autonomous Vehicles, where ever-changing environments and situations require close-to-100% certainty in environmental awareness.

Bandwidth and Connectivity

Intel’s thrust into computing accelerators for edge analytics has driven new designs from edge to cloud that are faster and more efficient. Intel devices on the edge and in the Data Center offer a varying degree of power and performance constraints. This makes it possible for Intel to provide a suite of products that address customer design needs from edge to cloud (see Figure 2). With these intelligent edge devices, Intel has altered the type of data being transferred to a Data Center: metadata describing detected events can now be sent in place of or alongside raw data streams, depending on design requirements. This pre-analysis data processing brings several advantages: it unlocks the potential to reduce the amount of data to be transferred to a Data Center, increases the amount of network bandwidth available for other functions, and increases the usefulness of the data at the Data Center.

Figure 2. Key Performance Improvements at Each Stage in an Intelligent Video System Design

It makes a difference where the analytics are located in a computer system design. Intel studies show that a design where intelligent video system capabilities are placed at the edge helps to balance the overall compute performance. Consider what happens when analytics are embedded into edge sensor compute devices; for example, in the form of a field-programmable gate array (FPGA). When an analytics application is installed in an edge device, the device can reduce the raw data streams into actionable metadata for Data Center analysts. This changes the analyst’s role from that of performer of forensics analysis (searching data streams to analyze past events) to decision maker (reviewing actionable metadata in near-real-time).

Cost/Power/Performance

In the past, typical edge-based camera designs for computer systems used a 10W fixed power limit. When intelligent video system analytics was added to these older designs, the power for the analytics at the edge had to be drawn out of this 10W power envelope. Often the designs did not provide enough overhead in the power envelope to allow for the additional power draw. As a result, many of the older designs require an extensive and very costly redesign in order to be used in an edge-based analytics environment.

Today’s new edge-based camera designs require only about 4-6 Watts of power for a system that includes on-board analytics, as Figure 2 shows. This smaller power requirement (about 1/3 to 1/2 for the camera with analytics) means a reduced load is carried by the Data Center. This can be counted as a reduction in demand to the Data Center in the Total Cost of Ownership (TCO). In other words, by running less analytics, the Data Center can expect a boost to the TCO savings in the form of reduced cooling requirements.

Ease of Development, Deployment, and Scaling

Intel offers several tool sets that streamline the effort required to develop and deploy an intelligent video system design at the edge. Intel’s OpenVINO™ toolkit enables software vendors and Original Equipment Manufacturers (OEMs) to easily and quickly deploy their pre-trained vision-based Convolutional Neural Networks to a variety of Intel-based accelerators: central processing units (CPUs), graphics processing units (GPUs), FPGAs, vision processing units (VPUs) and image processing units (IPUs). The OpenVINO toolkit greatly reduces the time-to-deployment because it eliminates the need to redesign hardware and software architectures through its backward-compatibility with existing Intel technologies. The OpenVINO toolkit includes optimized calls for OpenCV* and OpenVX*, and provides support for popular Deep Learning frameworks like TensorFlow* and Caffe*.

Today, the Intel OpenVINO toolkit (Figure 3) can port a customer pre-trained Vision based CNN (on supported frameworks and architectures) into OpenVINO’s Intermediate Representation (IR). The model’s IR can then be deployed to a heterogeneous mix of compute node types including Intel® Xeon® processors, GPUs, and VPUs. Through the model’s IR, the OpenVINO toolkit has the ability to automatically optimize the system for best performance. The OpenVINO toolkit offers several advantages to developers:

• Architecture agnostic: Operation with major frameworks

• Performance: High performance and high efficiency solutions for edge-based computing

• Portability: Cross-platform flexibility

Figure 3. Intel OpenVINO™ Toolkit – Visual Inferencing and Neural Network Optimization

The Intel OpenVINO toolkit libraries are capable of mapping analytics applications to specific architectures quickly and in an optimal manner. It is not uncommon for a customer application running on an older machine to see a significant speed increase when the application is ported onto a supported processing unit. The Intel OpenVINO toolkit is designed to survey the system environment, determine what compute resources are available, and customize the model deployment to gain optimal performance.


Figure 4 shows a simple recipe for installing intelligent video system designs that include distributed inference at the gateway/edge/endpoint. Start with an Intel CPU, then add targeted acceleration for higher throughput and/or throughput per Watt. Intel integrated processor graphics are a general means to boost throughput. Specialized Intel processors, like the Intel® Movidius™ Vision Processing Unit, and the Gaussian Neural Accelerator (GNA), are targeted for computer vision, and speech recognition, respectively. When an FPGA is added to the design, it allows more platform customization, including acceleration of input/output (I/O), multi-stream aggregation, in-line processing, as well as Deep Learning (DL) and traditional sensor processing.

Figure 4. Components and Software Support within the Intel OpenVINO™ Toolkit

Future DSS Solutions

Intel expects DSS system solutions in the future to continue moving analytics capabilities out to the edge of computing environments. The movement will become faster as the new 5G networking environment continues to develop and improve the speed of the network. As an example, a facial recognition application could run today on a system that uses edge-based analytics. The metadata generated by the edge-computing analytics could be fed into a series of mobile edge-based servers (see Figure 5). This design would give quick access to a database of information, equip security agents with almost real-time access to facial recognition results, and allow for an almost real-time response through the 5G network. Intel is driving changes to facial recognition system designs to give retailers “frictionless” interaction with customers, as illustrated in Figure 6.

Figure 5. Edge Server Networks will Evolve as 5G Networking Takes Hold


Figure 6. Facial Recognition Use Case that Requires AI Technology at the Edge

There has been a robust discussion in industry circles about the merits of placing intelligence at the edge as opposed to in the Cloud (Data Center). The results of some recent customer applications have suggested several key advantages in placing intelligence at the edge of the compute environment, in the form of an edge cloud:

• Data Centers see a lower demand for power and, as a result, a lower demand for cooling

• Time to actionable data is reduced; agents can make almost real-time decisions

• Network communications traffic is managed to a minimum

5G Influences on DSS

By creating 5G transformative infrastructure and client building blocks in 5G RF modems, Mobile Edge Compute (MEC), 5G radio access, Flexible Software Defined Radio, and in dynamic Spectrum Access and sharing, Intel is developing an end-to-end technology solution to enable the various 5G ecosystem developmental paths (some technology examples are: M2M and V2X, Industrial IoT, wireless carriers, and strategic network slicing).

The new 5G technology will also provide the flexibility needed to optimize the network usage to accommodate a wide range of current and future use cases and services, including DSS.

• Latency: The enhanced performance of 5G technology will provide greater data throughput, ultra-high reliability, higher connectivity density, and, at the same time, expand the range of mobility. A key attribute, Ultra low Latency (ULL), will be achieved through two functional paths: (1) device network requirements defined through Network Slicing, (2) Platform computation at the edge. Mobile Edge Compute (MEC) and the investment required to augment the network infrastructure with edge servers is a strategic step in achieving lower Latency by reducing the computational path and separating the platform computational function from the cloud database.

• Flexibility: Network slicing technology will also provide an end-to-end transformation of network architecture, and bring with it the flexibility needed to optimize the network usage to accommodate a wide range of current and future use cases and services. One example is a tactical “Last Mile” optical fiber replacement application, 5G Fixed Wireless Access (FWA). Broadband and TV entertainment providers have already begun to deploy early adoption 5G FWA as a CAPEX and OPEX cost reduction alternative to laying fiber optic cable, for initial network build investments and network infrastructure maintenance respectively.


Sensor Fusion

Many applications require various types of sensors that collect data, and many of these different data types use different data protocols. New designs in sensor data handling systems are applying sensor fusion algorithms to reduce and consolidate the data into the essential information because it requires less network bandwidth when transmitted. Past designs have applied compression algorithms to data in an effort to reduce the data stream. However, as Data Centers must decompress the data before processing it, this design has proved to be less optimal.

Impact of Memory and Compute Improvements

Intel expects to see significant changes with DSS solutions due to the onset of small form factor, high density and persistent memory like Intel’s OPTANE™ solid state drives. The OPTANE™ solid state drives offer big and affordable memory, high performance storage, direct load and store access and native persistence when compared to traditional dynamic random-access memory (DRAM) technology. These design features provide essential storage capacity for DSS solutions that require storage of all raw data streams and metadata captured on the edge. In addition to persistent storage, the OPTANE solid state drives can be employed for use in the volatile memory pool by DSS applications that require additional virtual memory in the Data Center.

Intel also expects dramatic improvements in compute capabilities from edge to cloud with an increased emphasis on heterogeneous compute platforms that are specialized to perform certain tasks. In addition, we believe that these compute platforms will continue to push the limits of performance at lower power envelopes.

Design for Privacy

Data privacy remains a hot topic in many parts of society, and is typically driven by regional regulations. Data ownership is a hot topic as well. However, regulations like the General Data Protection Regulation (GDPR) passed in the EU with strict privacy rules heavily favor and protect the rights of subjects captured on edge devices. The GDPR, for example, stipulates that the data subject must give consent to the processing of his or her personal data (in the DSS use case, an image) for it to be a lawful basis for processing. In addition, the data subject is afforded the right to access and request the erasure of any personal data related to them within a given period of time. [1]

Hence, there is a need for DSS systems to be context-aware. They must be designed to apply regional privacy regulations and dynamically update and enforce such policies in the event that subcomponents are operating across multiple regional boundaries.

[1] https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

Built-in Design Security

The exponential growth of devices (projected to reach 50 billion) is driving a demand for security from the cloud to the edge. Secure processing has become necessary and the degree of security required will vary depending on customer needs. In a security spectrum, commercial customers today have less of a demand than Defense/Government customers, which often have the highest security needs. Defense customers are often concerned with physical security threats to their systems. To obtain the highest levels of security today, customers often pay a large price that is often commensurate with the criticality of the information that is being protected.

Figure 7. Cost of Security

Threats are constantly evolving and changing. Hackers and exploiters are no longer content with exploitations at the application or at the OS level. They are working around the applications that would normally provide some indication that something is wrong. Attackers are digging their way into the boot code and communication channels, and compromising the integrity of the physical interfaces on the system. Once they obtain access, they cause physical changes that cause havoc on systems, or at minimum, cause unpredictable behavior that results in inadvertent release of information that can be used in the next level of exploitation. These threats are driving security and performance enhancements needed in both commercial and government ecosystems to maintain advantages.

Solutions that provide security and enable trust have become increasingly necessary. It is increasingly important for customers to have systems that can reliably process what is expected, when it is expected, for as long as it is expected, and can discriminate against both malicious processes and malicious circuitry. Customers are driving demand for solutions that allow them to design trust into their systems, while providing additional security capabilities against exploitation.

Figure 8. Attack Surfaces and Evolving Threat Exposure

Intel has spent a great deal of time and effort in designing computer systems that are secure. That effort has brought changes to many design aspects of computer systems, including:

• How systems identify themselves on the network (an immutable and unchangeable ID)

• How systems do a secure boot

• How systems secure local storage devices

• How systems create and manage trusted run-time environments

• How systems protect access to security keys

• How systems encrypt and decrypt messages

• How systems perform Intra- and Inter-communication within a platform

• How systems manage authority certificates

• How systems manage communications channels

The changes in security and the evolving threats have resulted in the release of Intel Security Essentials as shown in Figure 9. Intel technology is mapped to the areas that Intel considers to be the four core security capabilities. All vendors must enable these core capabilities at different layers, and the capabilities must be enabled at the right layers by the right entities. The Intel mapped technologies include:

• Platform Integrity - Includes Intel® Boot Guard, Intel® PTT, discrete TPM support, and others.

• Protected Data, Key and ID - Provides protected storage like Intel PTT, Discrete TPM, and total memory encryption (TME) that guards against frozen DRAM attacks.


• Trusted Execution - Protects the runtime environment and application memory with solutions like Software Guard Extensions, MKTME, and others.

• Crypto Acceleration - Includes particular crypto operations that perform AES encryptions/decryption and SHA for sign/verify operations, and Secure Key which includes a random number generator to create keys.

Figure 9. Intel Core Security Capabilities Baseline for Trusted Systems

Figure 10 shows a simplified surveillance use case with end-to-end flow of data from the edge devices to the cloud. The smart cameras (on the left) generate live video streams and send them to the network video recorder (in the middle), which could be analyzing some data from the video streams. The endpoints (on the right) receive the data and store it, display it, or upload it to the cloud.

Figure 10. Example of Encryption in a Surveillance Use Case


In Figure 10, there are several areas where crypto capabilities are required to protect the data in transit; encrypted data is shown in green. In this simple surveillance system, Intel technology can protect the video streams and analytics data throughout the system. For example, data streams sent from the camera to the Network Video Recorder (NVR) can be protected using the SRTP streaming protocol under ONVIF or with a VPN tunnel to the NVR. This is especially important when using cameras on a publicly accessible transmission medium like the Internet. In addition, protection can be applied to the data sent to storage (providing at-rest protection) by using storage encryption or per-stream encryption. When data is up-streamed to an operation center or a cloud, the video and metadata can be protected using HDCP encryption; this protection is included in HDMI connections from the NVR to displays in the on-premises operations centers.

Cost Overheads for Security

Applying security in the data path has some performance implications due to latency from encrypt/decrypt and sign/verify operations. Key generation may be less affected because such operations are infrequent.

Intel® QuickAssist Technology (Intel® QAT) accelerates cryptographic and compression workloads by offloading the data to hardware capable of optimizing those functions. This makes it easier for developers to integrate built-in cryptographic accelerators into network and security applications.

• Symmetric cryptography functions include: Cipher operations (AES, DES, 3DES, ARC4); Wireless (Kasumi, Snow 3G); Hash/Authenticate operations (SHA-1, MD5, SHA-2 [SHA-224, SHA-256, SHA-384, SHA-512]); Authentication (HMAC, AES-XCBC, AES-CCM); Random number generation.

• Public key functions include: RSA operation; Diffie-Hellman operation; Digital signature standard operation; Key derivation operation; Elliptic curve cryptography (ECDSA and ECDH); Random number generation and prime number testing.

• Compression/decompression functions include: DEFLATE (Lempel-Ziv 77).

Confidentiality, Authentication, and Integrity

These principles can be implemented at high performance using the AES-NI, SHA-NI, and DRNG CPU instructions. Runtime protection for code and data can be achieved with Software Guard Extensions (SGX). SGX can also be used to protect the intellectual property in ML/DL model assets such as labels, features, models, and training data.
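The per-stream at-rest protection mentioned earlier, as an added example that is not code from this whitepaper or from Intel: AES-256-GCM provides confidentiality and integrity for each recorded segment, and binding the camera ID and sequence number as associated data authenticates where the segment belongs. The function names, the key-derivation label, the `cam-01` ID and the master key are assumptions (in a deployment the master key would come from a platform key store); Go's `crypto/aes` uses the CPU's AES instructions on amd64 when they are available.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// streamAEAD derives a per-camera AES-256 key (HMAC-SHA256 as a simple KDF) and builds AES-GCM.
func streamAEAD(master []byte, cameraID string, seq uint64) (cipher.AEAD, []byte, error) {
	kdf := hmac.New(sha256.New, master)
	kdf.Write([]byte("dss-stream-key|" + cameraID)) // constructed label
	block, err := aes.NewCipher(kdf.Sum(nil))
	if err != nil {
		return nil, nil, err
	}
	gcm, err := cipher.NewGCM(block)
	return gcm, []byte(fmt.Sprintf("%s|%d", cameraID, seq)), err // AAD: camera and position
}

// sealSegment returns nonce || ciphertext || tag for one recorded segment.
func sealSegment(master []byte, cameraID string, seq uint64, plain []byte) ([]byte, error) {
	gcm, aad, err := streamAEAD(master, cameraID, seq)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plain, aad), nil
}

// openSegment fails if the blob was modified, truncated, moved to another camera, or reordered.
func openSegment(master []byte, cameraID string, seq uint64, blob []byte) ([]byte, error) {
	gcm, aad, err := streamAEAD(master, cameraID, seq)
	if err != nil || len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("segment unreadable (key error %v or truncated blob)", err)
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], aad)
}

func main() {
	blob, err := sealSegment([]byte("constructed master key"), "cam-01", 7, []byte("frame"))
	fmt.Println(len(blob), err) // 12-byte nonce + 5-byte ciphertext + 16-byte tag = 33
}
```

Because each camera gets its own derived key, exposure of one stream key does not reveal recordings from other cameras.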

Secure Data Storage

Intel Platform Trust Technology can be leveraged to store data and keys securely, tethered to the silicon and paired with the platform.

Conclusion

Intel technology continues to evolve and, as it does, it is driving exciting transformations in system designs that can streamline how Digital Surveillance Systems (DSS) operate. Recent Intel technology developments are making game-changing improvements in the DSS space, including: the Intel OpenVINO toolkit; integrated accelerator designs; integrated graphics in CPU designs; 5G network infrastructure technology; major security enhancements for features such as platform integrity, data and key protection, trusted execution, and crypto acceleration; efficient edge-based sensor fusion capabilities; and integrated AI capability. By adding edge-based intelligence, Intel solutions can improve overall system performance significantly.

In a world that presents ever-changing security threats, Intel technology is leading the way to new levels of assurance for secure systems. DSS applications require secure environments. Intel system solutions offer an integrated, state-of-the-art, end-to-end solution that ensures security, that is architecture agnostic, that offers high performance operation, and that is flexible in adapting as environments and threats change.


Collaborators

This paper is the result of collaborative efforts across several engineering teams at Intel. Many thanks to our contributing authors: Jody Booth, Leland Brown, Sunil Cheruvu, Victor Medrano, Werner Metz, David Mulnix and Temitope Oluwafemi.

Please forward any comments or questions to Temitope Oluwafemi.

LEGAL DISCLAIMER: Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No system or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at intel.com. Software and workloads used in performance tests may be optimized for performance only on Intel microprocessors. Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more complete information, visit www.intel.com/benchmarks. Results have been estimated based on internal Intel analysis and are provided for informational purposes only. Any difference in system hardware or software design or configuration may affect actual performance. Cost reduction scenarios described are intended as examples of how a given Intel-based product, in the specified circumstances and configurations, may affect future costs and provide cost savings. Circumstances will vary. Intel does not guarantee any costs or cost reduction. Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. This document contains information on products, services and/or processes in development. All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest forecast, schedule, specifications and roadmaps. Intel estimated results are based on product specifications. Copyright © 2019, INTEL CORPORATION. All rights reserved. Intel®, the Intel® logo, and Xeon® are trademarks of Intel Corporation in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others. 341210-001EN